cbcvebase.
CVE-2024-47177
published 2024-09-26

CVE-2024-47177: Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products The Palo Alto Networks Product Security Assurance team has evaluated…

medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EXPLOIT
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues. Affected products: Cloud NGFW, Cortex XDR, Cortex XDR Agent, Cortex XSIAM, Cortex XSOAR, GlobalProtect App, PAN-OS, Prisma Access, Prisma Browser, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN Solution: No software updates are required at this time. Workaround: Customers who decide to block CUPS traffic can create a Security policy rule (Policies > Security) that targets the "cups" application. Refer to the information about creating Security policy rules: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/security-policy/create-a-security-policy-rule

Affected

20 ranges
VendorProductVersion rangeFixed in
debiancups-filters< cups-filters 1.28.17-3+deb12u1 (bookworm)cups-filters 1.28.17-3+deb12u1 (bookworm)
googlechrome_chrome
linuxfoundationcups-filters>= 0 < 1.28.7-1+deb11u31.28.7-1+deb11u3
linuxfoundationcups-filters>= 0 < 1.28.17-3+deb12u11.28.17-3+deb12u1
linuxfoundationcups-filters>= 0 < 1.28.17-51.28.17-5
linuxfoundationcups-filters>= 0 < 1.28.17-51.28.17-5
openprintingcups< 2.4.132.4.13
openprintingcups-browsed
paloaltocloud_ngfw
paloaltocortex_xdr
paloaltocortex_xdr_agent
paloaltocortex_xsiam
paloaltocortex_xsoar
paloaltoglobalprotect_app
paloaltopan-os
paloaltoprisma_access
paloaltoprisma_browser
paloaltoprisma_cloud
paloaltoprisma_cloud_compute
paloaltoprisma_sd-wan

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv8.6HIGH
vendor_debian8.6HIGH
vendor_redhat8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.